Jump to content

ssl problem on android

fassisoft

By fassisoft
in General

 Share

Recommended Posts

fassisoft Newbie

fassisoft

Posted
Posted

hello

I downloaded my certificate  (TrustCor Standard DV noip)

i installed my ssl on my server which needs three cert.pem root.pem and key.pem files
cert is my certificate. key.pem my private for root key I downloaded chain pem converted to rooy.pem.
the chain.pem file contains 3 certificates: 
1 intermediate1, intermediate2 and root 

all works fine on desktop pc but for android I have a problem with invalid certificate please help me

the result of the test my certificate gives:

Certificate #1: RSA 2048 bits (SHA256withRSA)

Server Key and Certificate #1
Subject    mondomaine.ly
Fingerprint SHA256: 53c2a119bfe36c74e2830b4df91015f0337eeafdb75b3b29652c35ad646f7d7c
Pin SHA256: LBEhUc/LINIlfK7G/C29ZpAzgV1fFegJ+HnN4g47o0w=
Common names    mondomaine.ly
Alternative names    mondomaine.ly
Serial Number    00dfcea85d0ab3312a7f502442
Valid from    Sun, 13 Jun 2021 08:49:16 UTC
Valid until    Mon, 13 Jun 2022 08:49:15 UTC (expires in 11 months and 27 days)
Key    RSA 2048 bits (e 65537)
Weak key (Debian)    No
Issuer    TrustCor DV SSL CA - G2 - RSA
AIA: http://certs.trustcor.ca/sub/dv-ssl-rsa.der
Signature algorithm    SHA256withRSA
Extended Validation    No
Certificate Transparency    Yes (certificate)
OCSP Must Staple    No
Revocation information    CRL, OCSP
CRL: http://crl.trustcor.ca/sub/dv-ssl-rsa-s-66.crl
OCSP: http://ocsp.trustcor.ca
Revocation status    Validation error
OCSP ERROR: Exception: connect timed out [http://ocsp.trustcor.ca]
CRL ERROR: IOException occurred
DNS CAA    No (more info)
Trusted    Yes
Mozilla  Apple  Android  Java  Windows 


Additional Certificates (if supplied)
Certificates provided    4 (5277 bytes)
Chain issues    Contains anchor
#2
Subject    TrustCor DV SSL CA - G2 - RSA
Fingerprint SHA256: beb51c8f452426b2b9e672f7dd1eea4b33d6c38f4ca2a96956ce24bd05b0c38d
Pin SHA256: eS9Oc92+qoeyy7FaGbRe6FO/VTah35Lxm0PDdpsLdHc=
Valid until    Sun, 30 Dec 2029 22:59:59 UTC (expires in 8 years and 6 months)
Key    RSA 2048 bits (e 65537)
Issuer    TrustCor DV SSL CA - G2
Signature algorithm    SHA256withRSA
#3
Subject    TrustCor DV SSL CA - G2
Fingerprint SHA256: f0b6b7598df2790471552632eba9cde6d349065fc6d665957f9eeef5a7bb24f2
Pin SHA256: joJVEgkWNcXOGzwqvqRUGUI1s5Dz+sm7yE2V6LjAa9A=
Valid until    Sun, 30 Dec 2029 23:59:59 UTC (expires in 8 years and 6 months)
Key    RSA 2048 bits (e 65537)
Issuer    TrustCor RootCert CA-1
Signature algorithm    SHA256withRSA
#4
Subject    TrustCor RootCert CA-1   In trust store
Fingerprint SHA256: d40e9c86cd8fe468c1776959f49ea774fa548684b6c406f3909261f4dce2575c
Pin SHA256: 6of0Yt7v/713daoqS34Py5HCLu5t9p7ZAQDMxzsxFHY=
Valid until    Mon, 31 Dec 2029 17:23:16 UTC (expires in 8 years and 6 months)
Key    RSA 2048 bits (e 65537)
Issuer    TrustCor RootCert CA-1   Self-signed
Signature algorithm    SHA256withRSA


Show Certification PathsCertification Paths
Click here to expand

Configuration

Protocols
TLS 1.3    No
TLS 1.2    Yes
TLS 1.1    No
TLS 1.0    No
SSL 3    No
SSL 2    No


Cipher Suites
# TLS 1.2 (server has no preference)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   WEAK    112
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK    128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)   WEAK    128
TLS_RSA_WITH_SEED_CBC_SHA (0x96)   WEAK    128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK    128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK    128
TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE    128
TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE    128
TLS_RSA_WITH_IDEA_CBC_SHA (0x7)   WEAK    128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK    256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)   WEAK    256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK    256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK    256


Handshake Simulation
Android 4.4.2    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Android 5.0.0    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_CBC_SHA  No FS
Android 6.0    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_128_GCM_SHA256  No FS
Android 7.0    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_128_GCM_SHA256  No FS
Android 8.0    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_128_GCM_SHA256  No FS
Android 8.1    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_128_GCM_SHA256  No FS
Android 9.0    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_128_GCM_SHA256  No FS
BingPreview Jan 2015    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Chrome 49 / XP SP3    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_128_GCM_SHA256  No FS
Chrome 69 / Win 7  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_128_GCM_SHA256  No FS
Chrome 70 / Win 10    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_128_GCM_SHA256  No FS
Chrome 80 / Win 10  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_128_GCM_SHA256  No FS
Firefox 31.3.0 ESR / Win 7    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_128_CBC_SHA  No FS
Firefox 47 / Win 7  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_128_CBC_SHA  No FS
Firefox 49 / XP SP3    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_128_CBC_SHA  No FS
Firefox 62 / Win 7  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_128_CBC_SHA  No FS
Firefox 73 / Win 10  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_128_CBC_SHA  No FS
Googlebot Feb 2018    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_128_GCM_SHA256  No FS
IE 11 / Win 7  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
IE 11 / Win 8.1  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
IE 11 / Win Phone 8.1  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_128_CBC_SHA256  No FS
IE 11 / Win Phone 8.1 Update  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
IE 11 / Win 10  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Edge 15 / Win 10  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Edge 16 / Win 10  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Edge 18 / Win 10  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Edge 13 / Win Phone 10  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Java 8u161    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_CBC_SHA256  No FS
Java 11.0.3    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Java 12.0.1    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
OpenSSL 1.0.1l  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
OpenSSL 1.0.2s  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
OpenSSL 1.1.0k  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
OpenSSL 1.1.1c  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Safari 6 / iOS 6.0.1    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_CBC_SHA256  No FS
Safari 7 / iOS 7.1  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_CBC_SHA256  No FS
Safari 7 / OS X 10.9  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_CBC_SHA256  No FS
Safari 8 / iOS 8.4  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_CBC_SHA256  No FS
Safari 8 / OS X 10.10  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_CBC_SHA256  No FS
Safari 9 / iOS 9  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Safari 9 / OS X 10.11  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Safari 10 / iOS 10  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Safari 10 / OS X 10.12  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Safari 12.1.2 / MacOS 10.14.6 Beta  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Safari 12.1.1 / iOS 12.3.1  R    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Apple ATS 9 / iOS 9  R    Server sent fatal alert: handshake_failure
Yahoo Slurp Jan 2015    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
YandexBot Jan 2015    RSA 2048 (SHA256)      TLS 1.2    TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
# Not simulated clients (Protocol mismatch)
Click here to expand

(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
(All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake.

Protocol Details
DROWN    No, server keys and hostname not seen elsewhere with SSLv2
(1) For a better understanding of this test, please read this longer explanation
(2) Key usage data kindly provided by the Censys network search engine; original DROWN website here
(3) Censys data is only indicative of possible key and certificate reuse; possibly out-of-date and not complete
Secure Renegotiation    Supported
Secure Client-Initiated Renegotiation    Yes
Insecure Client-Initiated Renegotiation    No
BEAST attack    Mitigated server-side (more info)  
POODLE (SSLv3)    No, SSL 3 not supported (more info)
POODLE (TLS)    No (more info)
Zombie POODLE    No (more info)   TLS 1.2 : 0x000a
GOLDENDOODLE    No (more info)   TLS 1.2 : 0x000a
OpenSSL 0-Length    No (more info)   TLS 1.2 : 0x000a
Sleeping POODLE    No (more info)   TLS 1.2 : 0x000a
Downgrade attack prevention    Unknown (requires support for at least two protocols, excl. SSL2)
SSL/TLS compression    No
RC4    Yes   INSECURE (more info)
Heartbeat (extension)    Yes
Heartbleed (vulnerability)    No (more info)
Ticketbleed (vulnerability)    No (more info)
OpenSSL CCS vuln. (CVE-2014-0224)    No (more info)
OpenSSL Padding Oracle vuln.
(CVE-2016-2107)    No (more info)
ROBOT (vulnerability)    No (more info)
Forward Secrecy    No   WEAK (more info)
ALPN    No
NPN    No
Session resumption (caching)    Yes
Session resumption (tickets)    Yes
OCSP stapling    No
Strict Transport Security (HSTS)    No
HSTS Preloading    Not in: Chrome  Edge  Firefox  IE 
Public Key Pinning (HPKP)    No (more info)
Public Key Pinning Report-Only    No
Public Key Pinning (Static)    No (more info)
Long handshake intolerance    No
TLS extension intolerance    No
TLS version intolerance    No
Incorrect SNI alerts    No
Uses common DH primes    No, DHE suites not supported
DH public server param (Ys) reuse    No, DHE suites not supported
ECDH public server param reuse    No, ECDHE suites not supported
Supported Named Groups    -
SSL 2 handshake compatibility    No


HTTP Requests
1 https://mondomaine.ly/  (HTTP/1.1 200 OK)

Miscellaneous
Test date    Wed, 16 Jun 2021 16:55:27 UTC
Test duration    199.208 seconds
HTTP status code    200
HTTP server signature    ?????? ???? ???????
Server hostname    -
 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...